
How to: Set up a free Let’s Encrypt SSL certificate for Umbraco

Google and a number of other major parties are pushing for a fully encrypted internet, so that the privacy and security of internet users are protected as much as possible. You encrypt your website with an SSL certificate.

You will then see a padlock with the label "Secure" (in Chrome) in your browser’s address bar. You can read more about why you should switch to https in an earlier blog post. In this article you can read how to apply for a free SSL certificate from Let’s Encrypt and set it up for Umbraco.

Let’s Encrypt SSL

Let's Encrypt is an initiative of the Internet Security Research Group (ISRG), supported by major parties such as Mozilla, Cisco, and the US civil-rights organization EFF. The service makes it possible to create free SSL certificates. The certificates are valid for a maximum of 90 days, after which they must be renewed. There are two reasons for the relatively short lifetime: it encourages the automation of certificate management, and it lets the organization respond quickly to changes. This is particularly relevant because several Certification Authorities, such as WoSign and the Dutch Diginotar, have recently had bad press.

In the short time Let's Encrypt has existed, more than 24 million certificates have already been issued, and this number is expected to increase sharply in the coming year. So will your Umbraco website also have https shortly? You will read how to do that below.

Download letsencrypt-win-simple and extract the files into c:\encrypt-win-simple\ on your web server.

Open Web.config and add the .well-known folder to umbracoReservedPaths:

<add key="umbracoReservedPaths" value="~/umbraco,~/install/,~/.well-known/" />

Start PowerShell as Administrator and launch the tool:

C:\encrypt-win-simple>letsencrypt.exe

Select the domain for which you want to generate an SSL certificate from the list.

Finally, the tool asks which user account should run the scheduled task that automatically renews the certificates every 3 months. You can create an account specifically for this or use the default Administrator account by selecting "N".

How does the tool work?

Let's Encrypt is based on the ACME protocol. The ACME protocol uses a DNS entry or a static web page on the domain to verify that you own that domain. The configuration example given here works with a static page as follows:

The tool submits a request for the SSL certificate.

The server indicates that a specific file must be created for authentication.

The tool creates this specific file, which can be found in the .well-known directory.

The server checks the file and issues the SSL certificate.
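The static-page validation described above, simulated offline with both sides of the exchange. This is an added example, not code from letsencrypt-win-simple or from the original article; the function names, the `make_site` stand-in for IIS and Umbraco routing, and the sample key and token are constructed assumptions.

```python
import base64, hashlib, hmac, json, tempfile
from pathlib import Path

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the required RSA members, sorted, no whitespace."""
    canonical = json.dumps({k: jwk[k] for k in ("e", "kty", "n")},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def key_authorization(token: str, account_jwk: dict) -> str:  # RFC 8555 section 8.1
    return f"{token}.{jwk_thumbprint(account_jwk)}"

def publish_challenge(webroot: Path, token: str, account_jwk: dict) -> None:
    """Client side: write the file the CA asked for under .well-known."""
    path = webroot / ".well-known" / "acme-challenge" / token
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(key_authorization(token, account_jwk), encoding="ascii")

def make_site(webroot: Path, reserved_paths: str):
    """Hypothetical site model (assumption): reserved prefixes are static files, the rest is CMS HTML."""
    prefixes = [p.strip().lstrip("~") for p in reserved_paths.split(",")]
    def fetch(url_path: str) -> str:
        if not any(url_path.startswith(p) for p in prefixes):
            return "<html>Page not found</html>"  # constructed CMS response
        target = webroot / url_path.lstrip("/")
        return target.read_text(encoding="ascii") if target.is_file() else ""
    return fetch

def validate_challenge(fetch, token: str, account_jwk: dict) -> bool:
    """CA side: fetch the well-known URL and compare it with the expected value."""
    body = fetch(f"/.well-known/acme-challenge/{token}").strip()
    return hmac.compare_digest(body.encode(), key_authorization(token, account_jwk).encode())

# Constructed sample values: not a real account key or CA token.
ACCOUNT_JWK = {"kty": "RSA", "e": "AQAB", "n": b64url(b"constructed-demo-modulus")}
OTHER_JWK = {"kty": "RSA", "e": "AQAB", "n": b64url(b"another-constructed-modulus")}
TOKEN = "Zm9vYmFyLWNvbnN0cnVjdGVkLXRva2Vu"

def run_demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        publish_challenge(Path(tmp), TOKEN, ACCOUNT_JWK)
        ok_site = make_site(Path(tmp), "~/umbraco,~/install/,~/.well-known/")
        cms_site = make_site(Path(tmp), "~/umbraco,~/install/")
        return {"reserved": validate_challenge(ok_site, TOKEN, ACCOUNT_JWK),
                "not_reserved": validate_challenge(cms_site, TOKEN, ACCOUNT_JWK),
                "other_account": validate_challenge(ok_site, TOKEN, OTHER_JWK)}
```

Validation succeeds only when the file is reachable as a static file and its content is bound to the requesting account key, which is why the umbracoReservedPaths entry has to be in place before the tool runs.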

Redirect http to https in IIS

Your certificate is now ready for use, and letsencrypt-win-simple ensures that it will automatically be updated every 90 days. But you are not done yet. A redirect must be set up so that all website visitors always use the secure connection. You can do that in IIS.